Mobile applications lack a strong authentication mechanism to authenticate users. Methods commonly used on a computing platform (e.g., desktop) include smartcards and TPM (trusted platform module) technology, neither of which exist on mobile devices. Other mechanisms such as a client certificate are difficult to deploy while methods such as one-time-password (OTP) are applicable on mobile devices, but are complicated and cumbersome to the user experience. Meanwhile, network operators usually have strong authentication mechanisms available such as the cellular SIM (subscriber identity module) asymmetric authentication.